[Snort-users] Fwd: Help with Alerts

Joel Esler jesler at ...1935...
Mon Sep 10 06:36:51 EDT 2012



--
Joel Esler
Sent from my iPad 

Begin forwarded message:

> From: H Phillips <hal_der2000 at ...131...>
> Date: September 9, 2012, 11:45:57 PM EDT
> To: Joel Esler <jesler at ...1935...>
> Subject: Re: [Snort-users] Help with Alerts
> Reply-To: H Phillips <hal_der2000 at ...131...>
> 
> I have a problem. Base is not showing any activity.  Sensors/Total:0/1. Can anyone tell me what the problem may be?
>  
> HP
> 
> From: Joel Esler <jesler at ...1935...>
> To: "wkitty42 at ...14940..." <wkitty42 at ...14940...> 
> Cc: "snort-users at lists.sourceforge.net" <snort-users at ...3893...t> 
> Sent: Sunday, September 9, 2012 4:26 PM
> Subject: Re: [Snort-users] Help with Alerts
> 
> 
> On Sep 9, 2012, at 12:00 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> 
> > On 9/9/2012 09:09, James Lay wrote:
> >> 
> >> On Sep 8, 2012, at 6:31 PM, waldo kitty<wkitty42 at ...14940...>  wrote:
> >> 
> >>> On 9/8/2012 07:53, Joel Esler wrote:
> >>>> If you are using pulledpork, it should generate your Sid-MSG.map for you. Are
> >>>> you using pulledpork?
> >>> 
> >>> and if you are not using pulledpork, there is a tool in the utilities area for
> >>> this... at least there was in the older versions of snort... i guess it is still
> >>> there?
> >>> 
> >>>  create-sidmap.pl /path/to/rules > /path/to/sidmap/sid-msg.map
> >> 
> >> Actually I think that's part of oinkmaster :)
> > 
> > it might be... i dunno... i've seen it as a separate tool in several places... 
> > gotta dance a little dance if one has more than one rule directory, though...
> 
> It is part of oinkmaster. 
> 
> As someone said earlier in the thread, you need to be using pulledpork to generate the Sid-MSG.map because that will include the SIDS from you local ruleset. 
> Very important. 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org/ to stay current on all the latest Snort news!
> 
> 
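The thread's two practical points are that sid-msg.map must cover every rule directory in use (including local rules) and that merging several directories is where it gets awkward. The script below is an added example, not part of this thread and not pulledpork or oinkmaster's create-sidmap.pl: it parses the `sid`, `msg` and `reference` options out of active rule lines from any number of rule sources, skips commented-out rules, reports SIDs that appear more than once across sources, and writes the v1 `sid || msg || reference` format that BASE and the Snort output plugins read. The rule text and file names are constructed for the example; the regexes are a deliberately minimal reading of rule syntax and assume one rule per line.

```python
import re
import sys
from pathlib import Path

# Minimal option extraction for a single-line Snort rule (assumption: one rule per line).
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')

# Constructed sample rule files standing in for /etc/snort/rules and local.rules.
SAMPLE_RULES = {
    "snort.rules": (
        '# constructed sample, not real ruleset content\n'
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SSH brute force attempt"; '
        'flow:to_server; sid:1000001; rev:2; reference:url,example.invalid/ssh;)\n'
        '# alert tcp any any -> any 80 (msg:"SAMPLE disabled rule"; sid:1000002; rev:1;)\n'
    ),
    "local.rules": (
        'alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo to monitored host"; '
        'itype:8; sid:1000003; rev:1;)\n'
        'alert tcp any any -> any 80 (msg:"LOCAL duplicate sid test"; sid:1000001; rev:1;)\n'
    ),
}


def parse_rule_line(line):
    """Return (sid, msg, [references]) for an active rule line, else None.

    Commented-out rules (leading '#') are skipped: a disabled rule must not
    appear in sid-msg.map, otherwise BASE shows names for alerts that cannot fire.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith('#'):
        return None
    sid = SID_RE.search(stripped)
    msg = MSG_RE.search(stripped)
    if not sid or not msg:
        return None
    refs = [r.strip() for r in REF_RE.findall(stripped)]
    return int(sid.group(1)), msg.group(1), refs


def build_sidmap(rule_texts):
    """Merge rule sources into {sid: (msg, refs)}.

    rule_texts is an iterable of (source_name, text). The first definition of a
    SID wins; later ones are reported in the duplicates list so the operator can
    fix the collision rather than silently mislabel alerts.
    """
    mapping = {}
    duplicates = []
    for source, text in rule_texts:
        for line in text.splitlines():
            parsed = parse_rule_line(line)
            if parsed is None:
                continue
            sid, msg, refs = parsed
            if sid in mapping:
                duplicates.append((sid, source))
                continue
            mapping[sid] = (msg, refs)
    return mapping, duplicates


def format_sidmap(mapping):
    """Render the v1 sid-msg.map format: 'sid || msg [|| reference ...]', sorted by SID."""
    lines = []
    for sid in sorted(mapping):
        msg, refs = mapping[sid]
        lines.append(" || ".join([str(sid), msg] + refs))
    return "\n".join(lines) + "\n"


def load_rule_dirs(dirs):
    """Yield (path, text) for every *.rules file under each directory given."""
    for d in dirs:
        for path in sorted(Path(d).glob("*.rules")):
            yield str(path), path.read_text(errors="replace")


if __name__ == "__main__":
    # Usage: sidmap.py OUTFILE RULEDIR [RULEDIR ...]; with no args, runs on the sample.
    if len(sys.argv) >= 3:
        mapping, dups = build_sidmap(load_rule_dirs(sys.argv[2:]))
        Path(sys.argv[1]).write_text(format_sidmap(mapping))
    else:
        mapping, dups = build_sidmap(SAMPLE_RULES.items())
        sys.stdout.write(format_sidmap(mapping))
    for sid, source in dups:
        sys.stderr.write(f"warning: sid {sid} redefined in {source}, first definition kept\n")
```

Run without arguments it prints the map for the constructed sample and warns that sid 1000001 is redefined in local.rules; with an output path and one or more rule directories it merges every `*.rules` file it finds. Snort and the BASE front end must see the same file, so point `sid-msg.map` in the output configuration at the generated file and regenerate whenever either the downloaded ruleset or local.rules changes.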